Here you will find scientific publications from the Fraunhofer Institutes.

Supporting requirements engineers in recognising security issues

Knauss, E.; Houmb, S.; Schneider, K.; Islam, S.; Jürjens, J.


Berry, D.:
Requirements engineering: Foundation for software quality. 17th international working conference, REFSQ 2011 : Essen, Germany, March 28-30, 2011; Proceedings
Berlin: Springer, 2011 (Lecture Notes in Computer Science 6606)
ISBN: 3-642-19857-0
ISBN: 978-3-642-19857-1
ISSN: 0302-9743
International Working Conference on Requirements Engineering - Foundation for Software Quality (REFSQ) <17, 2011, Essen>
Fraunhofer ISST

Context & motivation: More and more software projects today are security-related in one way or the other. Many environments are initially not considered security-related and no security experts are assigned. Requirements engineers often fail to recognise indicators for security problems.

Question/problem: Ignoring security issues early in a project is a major source of recurring security problems in practice. Identifying security-relevant requirements is labour-intensive and error-prone. Security may be neglected in order to finish on time and within budget.

Principal ideas/results: In this paper, we address this problem by presenting a tool-supported method that provides assistance for requirements engineering, with an emphasis on security requirements. We investigate whether security-relevant requirements can be automatically identified using a Bayesian classifier. Our results indicate that this is feasible, in particular if the classifier is trained with domain-specific data and documents from previous projects.

Contribution: We show how the ability to identify security-relevant requirements can be integrated into a workflow of requirements analysis and reuse of experience. In practice, this can increase security awareness within the software development process. We discuss the limitations and potential of this approach.
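As an added illustration of the classification idea described in the abstract (example code, not the paper's tool or its data): a multinomial naive Bayes classifier trained on constructed requirement sentences, showing how adding domain-specific sentences from an earlier project lets it flag a requirement that a generic training set misses. All sentences, labels and the `NaiveBayes` class are constructed for this example.

```python
import math
import re
from collections import Counter

# Constructed sample requirements (not from the paper), labelled
# security-relevant (True) or not (False).
GENERIC = [
    ("The system shall encrypt all stored passwords using a salted hash.", True),
    ("Only authenticated users shall be able to access patient records.", True),
    ("All login attempts shall be logged with timestamp and source address.", True),
    ("The application shall validate all input fields against injection attacks.", True),
    ("Session tokens shall expire after 15 minutes of inactivity.", True),
    ("The report page shall display the monthly sales totals.", False),
    ("The user interface shall support German and English.", False),
    ("The system shall generate invoices in PDF format.", False),
    ("The search function shall return results within two seconds.", False),
    ("The calendar shall show appointments for the selected week.", False),
]
# Constructed domain-specific sentences, as reused from an earlier project in the same domain.
DOMAIN = [
    ("Patient data shall be anonymised before any export to research partners.", True),
    ("Data export shall require approval by the data protection officer.", True),
]

def tokenize(text):
    return re.findall(r"[a-z]+", text.lower())

class NaiveBayes:
    # Multinomial naive Bayes with add-alpha (Laplace) smoothing.
    def __init__(self, alpha=1.0):
        self.alpha = alpha
        self.words = {True: Counter(), False: Counter()}  # per-class token counts
        self.docs = Counter()                              # per-class document counts
        self.vocab = set()
    def train(self, samples):
        for text, label in samples:
            self.docs[label] += 1
            for w in tokenize(text):
                self.words[label][w] += 1
                self.vocab.add(w)
    def log_posterior(self, tokens, label):
        # log P(label) + sum over tokens of log P(token | label), smoothed
        total = sum(self.words[label].values())
        lp = math.log(self.docs[label] / sum(self.docs.values()))
        for w in tokens:
            lp += math.log((self.words[label][w] + self.alpha) / (total + self.alpha * len(self.vocab)))
        return lp
    def is_security_relevant(self, text):
        toks = tokenize(text)
        return self.log_posterior(toks, True) > self.log_posterior(toks, False)
```

A sentence whose words never occurred in the generic training set, such as "Data export needs anonymisation.", is missed until the two domain sentences are added to training; then the domain terms carry it into the security-relevant class.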